gpg: introduce the --delete-secret-subkeys command
Needs ReviewPublic

Authored by matheusmoreira on Sat, May 4, 10:17 PM.
This revision needs review, but there are no reviewers specified.


  • g10/gpg.c (cmd_and_opt_values): Add command for delete-secret-subkeys.

(opts): Add delete-secret-subkeys argparse option.
(main): Parse and invoke the delete-secret-subkeys command.

  • g10/main.h (delete_keys): Add subkeys_only parameter.
  • g10/delkey.c (delete_keys): Likewise.

(do_delete_key): Likewise.
(should_skip): Skip primary keys if subkeys_only is true.

The new delete-secret-subkeys command is a safer variant of the existing
delete-secret-keys command. It skips primary keys during the deletion
process, preventing accidental deletion of the user's primary key
even if an exact key description for the primary key is provided.

Signed-off-by: Matheus Afonso Martins Moreira <>

Test Plan

Given a temporary gpg home with one primary and multiple subordinate keys:

$ agent/gpg-agent --daemon --homedir $XDG_RUNTIME_DIR/gnupg-git

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --default-new-key-algo rsa1024/cert --quick-gen-key test
$ PRIMARY=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-colons | awk -F: '/fpr/ { print $10 }' | head -1)

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 sign
$ SIGN=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-subkey-fingerprint --with-colons | awk -F : '/fpr/ { print $10 }' | tail -1)

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 encr
$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 auth
  1. --delete-secret-subkeys $PRIMARY should delete all subkeys and leave the primary key intact.
  2. --delete-secret-subkeys $PRIMARY! should not delete any keys.
  3. --delete-secret-subkeys $SIGN should delete all subkeys and leave the primary key intact.
  4. --delete-secret-subkeys $SIGN! should delete only the signing subkey and leave the primary key and other subkeys intact.

Diff Detail

rG GnuPG
Lint Skipped
Unit Tests Skipped